Description
Multiple vulnerabilities exist in Barracuda Networks products due to improper validation of user-controlled input. User-controllable input supplied to the embedded web server is not properly sanitized for illegal path delimiting characters prior to being used to access files. A specially crafted HTTP request containing directory traversal sequences could allow remote attackers to conduct traversal attacks.
Remediation
The vendor has released Security Definition update v2.0.4 that addresses these vulnerabilities.
References
Related Vulnerabilities
WordPress Plugin Migration, Backup, Staging-WPvivid Directory Traversal (0.9.75)
WordPress Plugin gboutique Local File Inclusion (1.3)
WordPress Plugin True Ranker Directory Traversal (2.2.2)
WordPress Plugin SAM Pro (Free Edition) Local File Inclusion (1.9.6.67)
WordPress Plugin Vmax Project Manager Local File Inclusion (1.1)